Although ransomware has long been a serious concern for business owners worldwide, the COVID-19 pandemic has created new opportunities for this threat to flourish, and the attack vector is likely to become even more dangerous in the years to come.
According to one report, 304 million ransomware attacks occurred worldwide in 2020, with ransomware affecting over 65% of global businesses. [1] Experts suggest that this is just the tip of the iceberg. Unfortunately, even though SMEs continue to be disproportionately affected by these infamous attacks, reports and notifications rarely make the headlines.
When it comes to cybersecurity and ransomware, the biggest mistake SMEs make is assuming that hackers only target large corporations. This is why many SMEs still rely on simple backups and have no solid strategy in place.
The truth is, hackers rely on small businesses to have fewer security measures in place, making it easier for them to get into your systems. While it’s good to have a data backup, it’s high time you took its security a step further.
The 3-2-1 backup strategy for your business
This is an industry best practice to reduce the risk of losing data in the event of a breach. The 3-2-1 strategy means having at least three copies of your data, two on site but on different media/devices, and one off site. Let’s look at each of the three elements and the issues they address:
Three copies of the data
Having at least two additional copies of your data, in addition to your original data, is ideal. This ensures that in the event of a disaster, you’ll always have extra copies. The first data backup copy is usually stored in the same physical location as the original server, if not the same physical server.
Two different mediums
Storing additional copies of your valuable data on the same server/location won’t help in the event of a breach. Keep two copies of your data on different types of storage media, such as internal hard drives and removable storage such as an external hard drive or USB drive. If this isn’t practical for your business, keep copies on two internal hard drives in separate storage locations.
An off-site copy
Keep a copy of your data off-site, away from the other copies. This helps protect against worst-case scenarios.
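The three elements above can be checked mechanically against a backup inventory. The Python below is an added example, not part of the original article: the `Copy` fields, the `audit_321` function and the inventory are constructed for illustration, and it assumes that copies sharing one device count only once, since extra copies on the same server do not help.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    dataset: str   # what is being protected
    device: str    # physical device or service holding this copy
    medium: str    # storage type, e.g. "internal-disk", "usb-drive", "cloud"
    site: str      # physical location of the device


def audit_321(copies, primary_site):
    """Return {dataset: [violations]}; an empty list means 3-2-1 is met."""
    by_dataset = defaultdict(list)
    for c in copies:
        by_dataset[c.dataset].append(c)

    report = {}
    for name, items in sorted(by_dataset.items()):
        # Copies on the same device fail together, so count each device once.
        independent = {c.device: c for c in items}.values()
        problems = []
        if len(independent) < 3:
            problems.append(f"{len(independent)} independent copies, need 3")
        if len({c.medium for c in independent}) < 2:
            problems.append("all copies on one type of medium, need 2")
        if not any(c.site != primary_site for c in independent):
            problems.append("no off-site copy")
        report[name] = problems
    return report


# Constructed inventory for illustration (hypothetical names).
INVENTORY = [
    Copy("finance", "srv01", "internal-disk", "office"),
    Copy("finance", "usb-a", "usb-drive", "office"),
    Copy("finance", "vault", "cloud", "provider-dc"),
    Copy("crm", "srv01", "internal-disk", "office"),
    Copy("crm", "srv01", "internal-disk", "office"),  # backup on same server
    Copy("crm", "nas01", "internal-disk", "office"),
]

if __name__ == "__main__":
    for dataset, problems in audit_321(INVENTORY, "office").items():
        print(dataset, "OK" if not problems else "; ".join(problems))
```

Here the "crm" data set looks like it has three copies, but two of them sit on the same server and nothing leaves the office, so it fails all three checks.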
In addition to the 3-2-1 backup strategy, consider applying the layered security concept to secure your data and backups.
The importance of layered security in cyber defense
Most SMEs have an antivirus or firewall installed, but this is generally insufficient against today’s sophisticated threat landscape, which calls for a layered security approach.
Since no technology or security measure is perfect or guaranteed, layered security assumes that attackers will infiltrate different layers of an organization’s defenses, or have already done so. The aim of this approach is to provide multiple security measures so that if an attack gets past one security tool, there are others in place to help identify and stop the attack before your data is stolen.
The THREE ELEMENTS of layered security are as follows:
Prevention
Security policies, controls and processes should all be designed and implemented during the PREVENTION phase.
Detection
The aim of DETECTION is to discover and report a compromise as soon as possible.
Response
A rapid RESPONSE is crucial if the detection phase is to be meaningful.
Layered security
Layered security is divided into seven layers by security experts. Hackers looking to get into a system need to penetrate every layer to gain access. If you want to keep cybercriminals off your systems, focus on improving these seven layers:
1. Information security policies
Implement security policies that limit unauthorized access, because the safety and well-being of IT resources depend on it. This will help you raise awareness of information security within your organization, and demonstrate to your customers that you’re serious about securing their data.
2. Physical security
Physical security measures, such as fencing and cameras, are essential to prevent unwanted intruders from breaking in. They also help monitor employees with access to sensitive systems.
3. Network security
All it takes is for hackers to exploit a single vulnerability to gain access to a company’s network. They can easily penetrate computers and servers after gaining access to your network. Consequently, effective network security measures are essential.
4. Vulnerability analysis
Vulnerabilities that occur as a result of factors such as inadequate patch management and configuration errors open the door to cybercriminals. However, vulnerability scans help to detect these missed patches and incorrect configurations.
5. Robust identity and access management (IAM)
Technological advances have made it easier than ever to acquire passwords and hack into networks. IAM limits access to critical data and applications to certain workers, making unauthorized access difficult.
6. Proactive protection and reactive backup + recovery
Proactive protection detects and corrects security risks before they result in a complete breach. The aim of reactive backup and recovery is to recover quickly after an attack.
7. Continuous monitoring and testing
Failure to regularly monitor and test your backup and disaster recovery strategy is a major oversight and can lead to a breach.
While it’s your responsibility to make sure your business doesn’t get sucked into the quicksand of data loss, it’s easy to get overwhelmed if you try to figure it all out on your own.
Source:
1. Statista



